Contact [email protected] to receive pricing for this add-on.
What is SSO (Single Sign-On)
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of login credentials. Instead of having to remember and enter different usernames and passwords for each application, users log in once to a central authentication service and then gain access to all linked systems without needing to log in again.
Examples of SSO providers include: Okta, Auth0, and Microsoft Azure Active Directory (Azure AD).
Benefits of SSO
Unified Access: Users can access multiple applications or services after logging in just once.
Improved Security: By reducing the number of passwords users need to remember and manage, SSO can lower the risk of weak or reused passwords. Centralized authentication also makes it easier to enforce strong security policies.
User Convenience: Simplifies the login process for users, leading to a smoother and more efficient experience.
Centralized Management: IT administrators can manage user access and permissions from a single point, streamlining administrative tasks and improving oversight.
Integration: SSO systems often integrate with various identity providers and applications, facilitating access across diverse platforms and services.
Additional Information
Sessionboard supports the following SSO configurations: SAML (Security Assertion Markup Language) & OIDC (OpenID Connect).
Sessionboard can set up a different SAML / OIDC configuration for the Session Submission Form, Portals, and Admin login.
Sessionboard does not support two-factor authentication (2FA) at this time.
SSO Setup Requirements
Sessionboard requirements:
Sessionboard will provide the following information to the customer:
Assertion Consumer Service URL: This is the URL that receives a POST call from the identity provider with the SAML assertion. This endpoint uses the certificate to check that assertion.
Audience URL: This is an identifier of the service provider (SP).
Customer requirements:
The customer must provide the following information to Sessionboard to enable SAML 2.0 SSO:
A SAML application created in the vendor identity provider.
x509 Certificate for SAML Assertion
Issuer (used to uniquely identify the provider's application).
Domain (which domain is intended to support SSO).
A test user so we may confirm the login flow.
See 'Okta Setup' below for instructions on how to obtain the information requested above.
By default, Sessionboard expects the following attributes to be returned as part of the user profile:
id: default ID from the SAML remote user directory.
firstName: user first name, used to reference the user and associated contact in our system
lastName: user last name, used to reference the user and associated contact in our system
email: user email that is used to log into Sessionboard and for authentication communications (password reset, new user invitation, etc.)
nameID: also user email
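The following is an added example, not Sessionboard's own code: a check that a decoded assertion for the test user carries the attributes listed above and that its NameID equals the email attribute. The sample assertion, the helper names, and the exact-match comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the list above.
REQUIRED = ("id", "firstName", "lastName", "email")

# Constructed sample: a decoded, unsigned assertion for a fictional test user.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="id"><saml:AttributeValue>00u1example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_profile(assertion_xml):
    """Return (name_id, {attribute name: first value}) from an assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = (value or "").strip()
    return (name_id or "").strip(), attrs


def check_profile(assertion_xml):
    """List mismatches against the expected profile; an empty list means OK.

    This inspects content only. It does not verify the assertion's signature,
    which the service provider does with the x509 certificate.
    """
    name_id, attrs = extract_profile(assertion_xml)
    problems = [f"missing or empty attribute: {n}" for n in REQUIRED if not attrs.get(n)]
    if not name_id:
        problems.append("missing NameID")
    elif attrs.get("email") and name_id != attrs["email"]:
        # Assumption: exact string match between NameID and email.
        problems.append("NameID does not match email attribute")
    return problems


if __name__ == "__main__":
    print(check_profile(SAMPLE_ASSERTION) or "profile OK")
```

Attribute names are case-sensitive, so an identity provider that sends `FirstName` or `surname` shows up here as a missing attribute.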
Okta Setup
The instructions below are for Okta (a common IdP) but can be adapted to other providers.
Create an application: Using the left menu, go into Applications > Applications.
Click on Create App Integration
Choose SAML 2.0 and click Next.
Fill out step 1 and click Next.
Fill in the fields in step 2 using the information received from Sessionboard.
Scroll down to Attributes Statements (Optional)
Important! This information is used to create a new user if one does not exist. Add the following:
firstName = user.firstName
lastName = user.lastName
email = user.email
id = user.id
After that click Next and Save.
The application has been created and it can now be configured in Sessionboard.
On the right side of your screen, click on the View SAML setup instructions button.
Open these to access the information you will need to provide to Sessionboard.
Once this is configured and saved, the identity provider will be ready to create and manage users in Sessionboard.